Dailydave mailing list archives

Re: The long tail of vulnerable operating systems


From: Adriel Desautels <adriel () netragard com>
Date: Wed, 14 Nov 2007 15:33:23 -0500

Kate,
        I wasn't attempting to act like n3td3v; I apologize. With regards to
protecting what is out there, from my perspective there is only one way
to do it. Understand the threat by collecting real threat intelligence
and perform security assessments using the same caliber attacks/tests as
the threat. Use the product of those tests to create a solution to any
issues discovered and retest to validate the solution.

        Also, use security companies that produce deliverables that are the
product of human talent as opposed to automated tools and scanners.
Automated scanners are very useful for time savings, etc... but not good
enough to produce truly complete and accurate results.

        While you're at it, check out OSSEC... I've been playing with it and
it's pretty neat, especially if you configure it as an IPS and let it read
your snort logs, etc.

        Was that more in line or am I still way off topic? ;]

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security


Katie M wrote:
What is this, full disclosure? I thought we were on DailyDave! ;-)
No, it wasn't them and I won't tell who since they were my client and
I am under NDA.

The point of my post wasn't to expose any particular company, but to
comment that older OSes, less-than-fully-patched current OSes, and
other older software are still very relevant in terms of security
today. We not only need to remember the exploits, but also look for
practical ways to protect what is really out there.

-Katie.


On 11/14/07, Adriel Desautels <adriel () netragard com> wrote:
Katie,
     The company with all of the old systems wouldn't be CFI by chance would it?

Regards,
     Adriel T. Desautels
     Chief Technology Officer
     Netragard, LLC.
     Office : 617-934-0269
     Mobile : 617-633-3821
     http://www.linkedin.com/pub/1/118/a45

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security


Katie M wrote:
Hey Dave,
  Lots of places have older OSes deployed, perhaps only internally as
you mentioned, but companies are rife with them, and sometimes closer to
the perimeter than you'd expect.  On a consulting engagement, I met a
Fortune 50 company that had a massive internal deployment of Windows 98
(yeah, I know, weird but here's why) because they had some biz critical
crapplication that nearly everyone needed to use that would only run on
Win98.  I told them to hire some developers or interns or somebody,
anybody, to rewrite the thing from scratch.  :-)

  Of course they and all those other places that run old OSes *should*
welcome themselves into this millennium's operating systems -- we all
agree there.  No need to start arguing the obvious.  But the point is
that more than enough orgs (won't or) don't have the resources to
upgrade (or to update) due to app compatibility.  That's the reality and
the reason why attacking older OSes at a CTF-like event is still
pertinent and practical.

My 0.01 pence.

-Katie


On Nov 12, 2007 3:03 AM, Dave Aitel <dave () immunityinc com> wrote:

So every CTF I've played recently (like the one at CSI last week) has a
target set of Windows 2000 and extremely old Linux (say, RedHat 8). I'm
pretty sure that on any modern network you don't find a whole lot of
either of these. There's always the people who still run NT4 and SCO
OpenServer, but you have to look pretty far for them. But yet, no real
remote exploits exist for Fedora Core 1, much less 7. Solaris has XFS
and a few other remotes, but no one runs Solaris any more except the US
Government, that I can tell. Even assuming you see some Solaris or AIX
or whatever, you end up being so deep in the network already to find it
that you've already got all the passwords and don't need exploits.

But old operating systems will continue to live forever in CTF, I
assume.

Sort of as a sign of the times, while I was playing CTF on the Windows
machine provided, I browsed the web briefly and my machine was
immediately taken over by some really annoying spyware. So for the rest
of the game I got to spend a lot of time clicking "close" on IE windows
that kept popping up.

Anyways, if you want to chat about it or grieve the pain of lost 0day,
and you live in London then you should come to Immunity Pub Night In
London Saturday Nov 24 at 6pm at the Prince Arthur, 80-82 Eversholt
Street. I'll put 200 quid on the bar to help you drown your sorrows.
RSVP to admin () immunityinc com!

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
